GDPR’s effect on companies that offer visa services and traveling

The companies around the world that offer visa services have had to make changes in the way they deal with data, within the last two years, since April 2016 when the European Union adopted the General Data Protection Regulation amid growing concerns on the safety of personal data from identity theft, and other unethical usage.

The GDPR is a regulation by the European Union that regulates the processing of personal data relating to individuals in the EU by another individual, company, or an organization. It has been adopted in April 2016, after replacing an outdated data protection directive from 1995.

The companies that offer visa services to European nationals, or to non-Europeans for Europe visas, have had to make changes in their data protection policies in order to be in compliance with the regulation.

The changes that the companies that offer visa services have had to undertake within the past two years, give citizens a better control of their personal data processed by one of these companies. Aside of the rule that a citizen will have to give “clear and affirmative consent” for their data to be processed, the GDPR also grants them with the right to be forgotten, meaning they can ask for their data to be deleted from the database of a service provider.

Barry Cook, Group Data Protection Officer at VFS Global which processes millions of visa applications to the EU from 139 countries around the world, claims that travel and visa facilitation companies are exposed to personal data, that is why the industry as a whole needs to be compliant to the GDPR.

“Going forward, GDPR will be a global benchmark in privacy standards and we see it as an opportunity to implement world-class data protection policies across the VFS Global operations globally, including 447 Visa Application Centers we operate across India,” he says.

Only 5% of organizations ready one month prior to GDPR’s takeoff

Despite the fact that the GDPR was adopted two years before it came into effect, four weeks away from the date, only 5% of organizations claimed that they were fully prepared for the new data regulation.

According to a research carried out as a part of the BSI Cyber security and information Resilience Path to GDPR compliance series, in which research took part over 1,800 European respondents including participants from Belgium, France, Germany, Ireland, Italy, Netherland, Poland, Spain and the UK, only 33% of the respondents stated they were over half way to compliance a month prior to GDPR’s come into effect.

Meanwhile, over half of the organizations part of the research stated they were not even half prepared one month ahead. Only one in five senior managers claim to be actively engaged with the GDPR on behalf of their organization while 97% of the organizations admit that the GDPR will affect the way they conduct their business.

Visa service companies that do not pledge compliance with GDPR to be fined

Every company that processes visas of European citizens, or of other nationals to Europe, that does not comply with the new rules concerning data protection and privacy will be fined. These fines will be up to €20 million or 4% of an organization’s annual global turnover, whichever is greater.

However, according to a research conducted by the Spiceworks, only 14% of UK organizations, 9% of the EU and 3% of the US organization believe that they will be fined for not complying with the GDPR, while the rest believes that they will not.

GDPR’s effect on traveling

Since the companies that offer visa services will be affected by the GDPR, these effects will also be seen in travel companies. According to Claire Mulligan, a partner at a global law firm called Kennedys, travel industry will be particularly affected due to the large volume of personal and sensitive data it processes about individuals.

“Travel companies also use data in marketing new promotions to people, as well as sharing large volumes of data with overseas suppliers, such as accommodation and excursion providers. All related activities must be reviewed and brought in line with the new regulations,” she says highlighting that the incapability of travel companies to use this data will push travel companies to find new ways of targeting the right audience when marketing new promotions, as well as changing the way that travel companies deal with consumer data. /TravelDailyNews